Upgrade to 3.2.1 is asap needed. see: https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1 This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version. dutchman01
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c999b147633b20e0f23315598c5c4e1d4452c201 commit c999b147633b20e0f23315598c5c4e1d4452c201 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2024-06-30 17:42:51 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2024-06-30 17:42:51 +0000 security/vuxml: add net/netatalk3 vulnerabilities * CVE-2024-38439 * CVE-2024-38440 * CVE-2024-38441 NVD assessments not yet provided. PR: 280046 Reported by: Dutchman01 <dutchman01@quicknet.nl> security/vuxml/vuln/2024.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)
Netatalk has been updated to 3.2.1.